Standard WOPI request and response headersΒΆ

GET /wopi/

All WOPI requests may contain the following request and response headers. Note that individual WOPI operations may send additional request headers or require additional response headers. These unique headers are described in the documentation for each WOPI operation.

Tip

HTTP header names are case-insensitive. See RFC 7230#section-3.2 for more information.

Request Headers:
 
  • Authorization –

    The string value Bearer <token> where <token> is the access token for the request.

    Important

    Note that WOPI clients are not required to pass the access token in the Authorization header, but they must send it as a URL parameter in all WOPI operations. Thus, for maximum compatibility, WOPI hosts should either use the URL parameter in all cases, or fall back to it if the Authorization header is not included in the request.

  • X-Request-ID – A string that the host should log when logging server activity to correlate that request with a specific WOPI call to the host.
  • X-WOPI-AppEndpoint – A string used to indicate the endpoint of the WOPI client sending the request. This is typically used to indicate geographic location, datacenter, etc. This string must not be used for anything other than logging.
  • X-WOPI-RequestingApplication – A string used to indicate the WOPI client sending the request. This string must not be used for anything other than logging.
  • X-WOPI-ClientVersion – A string that the host should log indicating the version of the WOPI client making the request. There is no standard for how this string is formatted, and it must not be used for anything other than logging.
  • X-WOPI-CorrelationId –

    A string that the host should log when logging server activity to correlate that activity with WOPI client activity.

    Office Online Tip

    See Troubleshooting interactions with Office Online for more information on how this ID is used in Office Online.

  • X-WOPI-DeviceId – A string that the host should log indicating the ID of the device making the request. This string must not be used for anything other than logging.
  • X-WOPI-SessionId – A string that the host should log to correlate WOPI client activity within a session. This string must not be used for anything other than logging.
  • X-WOPI-MachineName – A string indicating the name of the WOPI client machine making the request. This string must not be used for anything other than logging.
  • X-WOPI-PerfTraceRequested – This header is reserved for future use.
  • X-WOPI-Proof – A string representing data signed using a SHA256 (A 256 bit SHA-2-encoded [FIPS 180-2]) encryption algorithm. See Verifying that requests originate from Office Online by using proof keys for more information regarding the use of this header value.
  • X-WOPI-ProofOld – A string representing data signed using a SHA256 (A 256 bit SHA-2-encoded [FIPS 180-2]) encryption algorithm. See Verifying that requests originate from Office Online by using proof keys for more information regarding the use of this header value.
  • X-WOPI-TimeStamp –

    A 64-bit integer that represents the number of 100-nanosecond intervals that have elapsed between 12:00:00 midnight, January 1, 0001, UTC and the UTC time of the request. This value can be set in .NET using the following C# code: DateTime.UtcNow.Ticks.

Response Headers:
 
  • Content-Type – This header should be set to a value appropriate to the type of data being included in the response. For example, when responding to a WOPI request with JSON-encoded data in the response body, the Content-Type header should be set to application/json. WOPI clients may ignore a response with a Content-Type header that does not match the expected type.
  • X-WOPI-HostEndpoint – A string used to indicate the endpoint of the WOPI host handling the request. This is analogous to the X-WOPI-AppEndpoint request header and is typically used to indicate geographic location, datacenter, etc. This string must not be used for anything other than logging.
  • X-WOPI-MachineName – A string indicating the name of the WOPI host server handling the request. This string must not be used for anything other than logging.
  • X-WOPI-PerfTrace – This header is reserved for future use.
  • X-WOPI-ServerError – A string indicating that an error occurred while processing the WOPI request. This header should be included in a WOPI response if the status code is 500 Internal Server Error, but may be returned on any response with a non-200 status code. The value should contain details about the error. This string must not be used for anything other than logging.
  • X-WOPI-ServerVersion – A string indicating the version of the WOPI host server handling the request. There is no standard for how this string is formatted, and it must not be used for anything other than logging.